Sep 02 2021 10:09 PM - last edited on Feb 10 2023 02:35 PM by TechCommunityAP
Hi Experts,
We have been using the Office 365 Business Essentials service for the last 7 years.
We have the following setup.
Problem:
Some users are not happy when their local AD password changes after 30 days (as per organizational policy): Microsoft challenges them to re-enter the newly changed AD password and, in some cases, shows an MFA prompt. However, Microsoft Outlook 2013 (desktop version) does not ask to re-enter the password; the reason could be that we had to save an application password (app password).
Also, the OneDrive Sync Client asks for re-authentication, like Microsoft Teams.
Question:
Is there any way to bypass this password prompt / MFA prompt once a user changes the local AD password?
Sep 02 2021 11:46 PM - edited Sep 02 2021 11:54 PM
As soon as the password is reset in local AD, and this information is synced to Azure AD, Azure AD will determine that all active tokens are no longer valid and need to be refreshed. This requires the user to authenticate themselves again. You could decide to disable MFA for specific users, but then MFA is disabled under all circumstances (excluding possible Azure AD CA policies), something I do not recommend and you also do not want.
Update: I just realized that you could potentially try to see whether Azure AD Connect can be prevented from syncing the last password change time, which Azure AD uses to determine if it needs to revoke refresh tokens. I'm not sure if this attribute can be excluded, though. Also, I still wouldn't recommend it 🙂